+++
title = "Panic Passwords"
date = 2021-01-31
+++

Misc
====

I've slowly started going through some older things I've written over
the last few years. This is part of deblobbing my life and thinning out
old emails that I no longer need to keep. Most things I've saved I
don't really need, but every once in a while I find something I don't
want to forget about.

Panic Passwords {#panic-passwords-1}
===============

Several years ago when I was part of the security cohort for a former
place of employment, I pushed the idea of using "panic passwords" for
use when someone under duress logs in. I still really like this idea,
though I haven't seen it in use anywhere. These days, most of the
systems I work with use some kind of single sign-on system to handle
authentication and then redirect the user back.

This is a surface area that most security teams don't touch, other than
watching repeat incorrect login attempts.
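One way a login check could honor a panic password, as an added example rather than code from this post or the referenced paper. The names `enroll` and `login`, the alert record format, the PBKDF2 settings, and the choice to return an identical response for both passwords are assumptions of the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(user: str, password: str, panic_password: str) -> dict:
    """Store two verifiers per account: the normal one and the panic one."""
    if hmac.compare_digest(password.encode(), panic_password.encode()):
        raise ValueError("panic password must differ from the normal password")
    salt = os.urandom(16)
    return {
        "user": user,
        "salt": salt,
        "normal": _derive(password, salt),
        "panic": _derive(panic_password, salt),
    }


def login(account: dict, password: str, alerts: list) -> dict:
    """Return what the client sees; duress is reported only through `alerts`."""
    candidate = _derive(password, account["salt"])
    # Always run both comparisons so response time does not show which matched.
    is_normal = hmac.compare_digest(candidate, account["normal"])
    is_panic = hmac.compare_digest(candidate, account["panic"])
    if is_panic:
        # Hypothetical alert sink: in practice a SIEM event or an on-call page.
        alerts.append({"user": account["user"], "event": "duress_login"})
    # Identical response for both passwords, so the screen gives nothing away.
    return {"authenticated": is_normal or is_panic}


if __name__ == "__main__":
    alerts = []
    acct = enroll("alice", "correct horse", "battery staple")  # constructed sample
    print(login(acct, "correct horse", alerts), alerts)
    print(login(acct, "battery staple", alerts), alerts)
    print(login(acct, "wrong guess", alerts), alerts)
```
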

Specifically thinking about web apps, an alternative option could
include something in the UI that users could interact with. It could
also double as something that an intruder might interact with, thinking
it does one thing, but they actually have just set off an alert.

In high school, two of my closest friends said they wanted to learn
Morse code so they could talk in class while tapping their pencils/pens
on their desks. At the time, I think I had two alternate ideas. I
thought learning braille would help me better because I could read in the
dark while developing photos. I also wanted to learn more (ASL) sign
language. The way I remember it, I suggested sign language, but they
thought it would draw too much attention. I don't know if they ever
followed through, but I learned SOS. And while I don't agree with the
political career of Jeremiah Denton at all, a sideband communication
could come in handy if I'm ever a POW on broadcast TV:

    -/---/.-./-/..-/.-./.

References
==========

-   [Panic Passwords: Authenticating under
    Duress](https://www.usenix.org/legacy/events/hotsec08/tech/full_papers/clark/clark.pdf) -
    [(archive.org)](https://web.archive.org/web/20210131234020/https://www.usenix.org/legacy/events/hotsec08/tech/full_papers/clark/clark.pdf)
-   <https://en.wikipedia.org/wiki/Duress_code>
